A formal security policy for Xenon

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2008, Pages 43-52

  McDermott, John ^a   Freitas, Leo ^b  

^a NAVAL RESEARCH LABORATORY   (United States)

^b UNIVERSITY OF YORK   (United Kingdom)

Author keywords

Circus; CSP; Hypervisor; Information flow security; Open source; Refinement; Z

Indexed keywords

CIRCUS; CSP; HYPERVISOR; INFORMATION-FLOW SECURITY; OPEN-SOURCE; REFINEMENT; Z;

COMPUTER OPERATING PROCEDURES; ENGINEERING; FORMAL METHODS; HELIUM; REENGINEERING; SECURITY SYSTEMS;

XENON;

EID: 67649851159     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1456396.1456401     Document Type: Conference Paper

References (36)

1. J. Alves-Foss and C. Taylor. An analysis of the GWV security policy. In Proc. ACL2 Workshop, Austin, Texas, US, November 2004.
2. R.-J. Back and J. von Wright. Refinement Calculus: A Systematic Introduction. Graduate Text in Computer Science. Springer-Verlag, 1998.
3. P. Barham, B. Dragovic, K. Fraiser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. In Proc. 19th ACM Symposium on Operating Systems Principles (SOSP-19), Bolton Landing, New York, USA, October 2003.
4. D. Basin, J. Doser, and T. Lodderstedt. Model driven security: from UML models to access control infrastructures. ACM Transactions on Software Engineering and Methodology, 15(1):39-91, 2001.
5. D. Bell and L. LaPadula. Secure computer system: Unified exposition and Multics interpretation. Technical Report ESD-TR-75-306,MTR-2997 rev. 1, MITRE, 1976.
6. A. Cavalcanti, A. Sampiao, and J. Woodcock. A refinement strategy for circus. Formal Aspects of Computing, 15(2-3):146-181, 2003.
7. G. Coker. Xen security modules. Xen Summit 2007 Presentation, April 2007. Available from http://www.xensource.com/xen/xensummit.html.
8. The Common Criteria Project Sponsoring Organizations. Common Criteria for Information Technology Security Evaluation, v. 3.1, rev. 1 edition, September 2006. Also referred to as ISO 15408.
9. D. Denning. Secure Information Flow in Computer Systems. PhD thesis, Purdue University, West Lafayette, Indiana, US, 1975.
10. D. Denning. A lattice model of secure information flow. Communications of the ACM, 19(5), May 1976.
11. R. Focardi and R. Gorrieri. A classification of security properties for process algebra. J. Computer Security, 3(1):5-33, 1994.
12. L. Freitas and J. McDermott. Formal modelling of a separation kernel hypervisor. Technical Report 13, University of York, May 2008.
13. L. Freitas and J. Woodcock. Circus based development environment. Technical Report 12, University of York, Sep 2007.
14. L. Freitas and J. Woodcock. Mechanising Mondex with Z/Eves. Formal Aspects of Computing, 20(1):117-139, Jan 2008.
15. J. Goguen and J. Meseguer. Security policies and security models. In Proc. IEEE Symposium on Research in Security and Privacy, Oakland, California, US, April 1982.
16. D. Greeve, M. Wilding, and W. M. Vanfleet. A separation kernel formal security policy. In Proc. ACL2 Workshop, Boulder, Colorado, US, July 2003.
17. C. Heitmeyer, M. Archer, E. Leonard, and J. McLean. Applying formal methods to a certifiably secure software system. IEEE Transactions on Software Engineering, 34(1):82-98, Jan/Feb 2008.
18. C. Hoare. Communicating Sequential Processes. Prentice-Hall International, 1985.
19. ISO/IEC 13568. Information Technology-Z Formal Specification Notation-Syntax, Type System and Semantics. ISO/IEC, first edition, 2002.
20. E. Kleiner and T. Newcomb. On the decidability of the safety problem for access control policies. In Sixth International Workshop on Automated Verification of Critical Systems (AVoCS), Nancy, FR, September 2006.
21. H. Mantel. Possibilistic definitions of security - an assembly kit. In Proc. 13th IEEE Computer Security Foundations Workshop, 2000.
22. H. Mantel. The framework of selective interleaving functions and the modular assembly kit. In Proc. Formal Methods in Security Engineering, Fairfax, Virginia, US, November 2005.
23. J. McDermott, J. Kirby, B. Montrose, T. Johnson, and M. Kang. Re-engineering Xen internals for higher-assurance security. Information Security Technical Report, 13(1):17-24, 2008.
24. J. McLean. Proving noninterference and functional correctness using traces. J. Computer Security, 1(1), 1992.
25. J. McLean. A general theory of composition for trace sets closed under selective interleaving functions. In Proc. IEEE Symposium on Research in Security and Privacy, Oakland, California, US, May 1994.
26. B. Randell and J. Rushby. Distributed secure systems: Then and now. In 23st Annual Computer Security Applications Conference (ACSAC), Miami, FL, US, December 2007.
27. A. Roscoe. CSP and determinism in security modelling. In Proc. IEEE Symposium on Security and Privacy, Oakland, California, US, May 1995.
28. A. Roscoe. The Theory and Practice of Concurrency. Prentice-Hall International, 1997.
29. A. Roscoe, J. Woodcock, and L. Wulf. Non-interference through nondeterminism. In Proc. ESORICS, Brighton, UK, November 1994.
30. W. Ruzzo, M. Harrison, and J. Ullman. Protection in operating systems. Communications of the ACM, 19(8):461-471, August 1976.
31. P. Ryan and S. Schneider. Process algebra and non-interference. In Proc. 12th IEEE Computer Security Foundations Workshop, Mordano, IT, June 1999.
32. M. Saaltink. Z/Eves 2.0 User's Guide. ORA Canada, 1999. TR-99-5493-06a.
33. R. Sailer, T. Jaeger, E. Valdez, R. Cáceres, R. Perez, S. Berger, J. Griffin, and L. van Doorn. Building a MAC-Based security architecture for the Xen open-source hypervisor. In Proc. 21st Annual Computer Security Applications Conference, Tucson, Arizona, US, December 2005.
34. J. Woodcock, A. Cavalcanti, M.-C. Godel, and L. Freitas. Operational semantics of circus. Formal aspects of computing, 2008. in press.
35. J. Woodcock and J. Davies. Using Z: Specification, Refinement, and Proof. International Series in Computer Science. Prentice-Hall International, 1996.
36. A. Zakinthinos and E. S. Lee. A general theory of security properties. In Proceedings of the 18th IEEE Computer Society Symposium on Research in Security and Privacy, 1997.